^*&l{y f hit dure, 
Shura^c ' devices J 

P^, //f 



# 





W (Lain tUcajZ, 




it 



4L 



Modify strachK,- ,f ^ 



Fx/. /J? 




- J 




Enable, {~Q\tq/v\ 



Ill 






tecchy Setiware, ««fp Cpm^^J deMit^Jp^ 2p[ 





jl^UH fecuriy f cftwu^ f»tz> U^fuUfytuil k„uJ \^ 



J 



I 



f Moo /for ^ re^ori opimtiy fysUn cb+zi L- 

J/ 



1 



Mite, W Ufh e,xe«iV^ ,f prehut^Ak. hZh ^ 2 ^ 



r = 



2<?f 




Y ' 



Prmi Fit, 2ft 

i 




2/3 



coit, frrm liter. 



jt^Hxo^tel- liter] 
Yes 



2/r 



Se/s-tf i/o I time, (s) 
4 h> he, prpfe^hd. 



216 



211 



il —J/ 



n 2/) 




Calculi \»i* fr Hj ^U&) fi> r 



id. 



22^ 



^nt yj/JueQ fUr4 U prefer Uu^( r)j 




tr minute, opinaMffKof 



FX£, 23 





JO I 



?0l 



IFS Manager ^&rt¥<//s:>y^^ IOS Manager FW , - . ..• •, ■■■■ <. y 



i i 

! I 

* ! 



IFS_R©qHooK 
(Spoof and Write 
Protect) 
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Registry Manager V;;. 



/ 



3n 



▼ ■ 



i 



IFS Function 



P 2 ^ iRegistry API Hocks[ 

v ! - ' 



Handier 



Spoof and 



1 Wrlt&.protect fZ7/2(? f 



{ Special Swap ; / 
! File Handing | *T^ ^/2t 



File Access i 
Logging \ 



Volume Mount 






«rty**.\ 'dtArtuf- Pretty Sffh^ 





kflccce, 0ripn4 dtfokxt of*r«My yrkn, 



I 



^'Jify f/j-y ^ rj ^ 4 reflet M*s Kt^£ 





MO.SYS 



user file 



user file 



\WINDOWS 



"7 



J 1 - 'J' ''i v * V "r 



\OTHER 



\USERDIR 



required A 



user file 



required B 



required C 





Windows Files 


required D 


not required 


^- * 


not required 


required E 






Other Boot Files 


required F 




not required 


required G 




User Data 
Directory 



user file 
user file 



cleartexl 



< 



BOOTREC 























Sii 


\FAXV:;^;: 






















UO.SYS 






ins 




WINDOWS 












\OTHER 












Required A 


Required B 


Required C 


unused 





* 



Root directory with only boot 
files after copy to temporary, 
and replace (or relink in 
FAT32) 



Plaintext FAT modified: 
clusters except for files 
used at boot are marked 
"BAD* or are left free for 
additional plaintext files 



Windows Boot 
Files (copies) 



Required D 



Required E 



unused 



unused 



\Other Boor 
Files(coples) 



Required F 



Required G 



unused 




Encrypted FAT1 



Encrypted FAT2 



Calls to FAT sectors and root 
sectors redirected to aliased 
copies via LSVOLMAP.DAT 




Original root moved to 
aliased system area (does 
not need actual move in 
FAT32) 



Windows Files 
required D 
not required 
not required 
required E 



Other Files 



required F 
not required 
required G 



User Data 
Directory 

user file 
user file 
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O 

c 
LU 



J 



